better backend auth

have a sort of token thing that is generated by sending the
system a email, and it will return a key to the users registered
email address that they will need to enter in along with the
username and password